All the vulnerabilites related to AMD - All supported processors
cve-2021-26318
Vulnerability from cvelistv5
Published
2021-10-13 18:29
Modified
2024-09-16 16:48
Severity ?
Summary
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:20.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "All supported processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "undefined",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Information Exposure Through Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T18:29:14",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1017",
        "discovery": "EXTERNAL"
      },
      "title": "Side-channels Related to the x86 PREFETCH Instruction",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2021-10-12T19:30:00.000Z",
          "ID": "CVE-2021-26318",
          "STATE": "PUBLIC",
          "TITLE": "Side-channels Related to the x86 PREFETCH Instruction"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "All supported processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-208 Information Exposure Through Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017"
            }
          ]
        },
        "source": {
          "advisory": "AMD-SB-1017",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26318",
    "datePublished": "2021-10-13T18:29:14.977353Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T16:48:55.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26313
Vulnerability from cvelistv5
Published
2021-06-09 11:23
Modified
2024-09-16 19:41
Severity ?
Summary
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:20.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "All supported processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "undefined",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Information Exposure Through Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-13T18:15:09",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1003",
        "discovery": "EXTERNAL"
      },
      "title": "AMD Speculative Code Store Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2021-06-08T19:30:00.000Z",
          "ID": "CVE-2021-26313",
          "STATE": "PUBLIC",
          "TITLE": "AMD Speculative Code Store Bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "All supported processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-208 Information Exposure Through Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
            }
          ]
        },
        "source": {
          "advisory": "AMD-SB-1003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26313",
    "datePublished": "2021-06-09T11:23:37.970519Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T19:41:53.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12965
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-09-16 22:40
Severity ?
Summary
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
          },
          {
            "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "All supported processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "undefined",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "TBD",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T03:06:18.982713",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
        },
        {
          "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1010",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12965",
    "datePublished": "2022-02-04T22:29:13.634345Z",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-09-16T22:40:10.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26314
Vulnerability from cvelistv5
Published
2021-06-09 11:23
Modified
2024-09-17 02:21
Severity ?
Summary
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:20.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
          },
          {
            "name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
          },
          {
            "name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
          },
          {
            "name": "FEDORA-2021-41d4347447",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"
          },
          {
            "name": "FEDORA-2021-993693c914",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "All supported processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "undefined",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Information Exposure Through Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-17T02:06:09",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
        },
        {
          "name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
        },
        {
          "name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
        },
        {
          "name": "FEDORA-2021-41d4347447",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"
        },
        {
          "name": "FEDORA-2021-993693c914",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1003",
        "discovery": "EXTERNAL"
      },
      "title": "AMD Speculative execution with Floating-Point Value Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2021-06-08T19:30:00.000Z",
          "ID": "CVE-2021-26314",
          "STATE": "PUBLIC",
          "TITLE": "AMD Speculative execution with Floating-Point Value Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "All supported processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-208 Information Exposure Through Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
            },
            {
              "name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
            },
            {
              "name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
            },
            {
              "name": "FEDORA-2021-41d4347447",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"
            },
            {
              "name": "FEDORA-2021-993693c914",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"
            }
          ]
        },
        "source": {
          "advisory": "AMD-SB-1003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26314",
    "datePublished": "2021-06-09T11:23:44.010985Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-17T02:21:23.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}